From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Chentao(Boby)" <boby.chen@huawei.com>
Subject: A memory leak problem in xen-blkback module
Date: Fri, 12 Sep 2014 14:58:36 +0800
Message-ID: <5412999C.6010600@huawei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <boby.chen@huawei.com>) id 1XSKp6-0001cW-07
	for xen-devel@lists.xenproject.org; Fri, 12 Sep 2014 06:59:12 +0000
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: konrad.wilk@oracle.com, roger.pau@citrix.com
Cc: liujinlj.liu@huawei.com, xen-devel@lists.xenproject.org, Yanqiangjun <yanqiangjun@huawei.com>, zhangmin <rudy.zhangmin@huawei.com>, wu.wubin@huawei.com
List-Id: xen-devel@lists.xenproject.org

Hi Konrad,

    I find a memory leak problem in xen-blkback module of linux-3.14.4 release, and the newest 3.17-rc4 also has the same problem. The problem will occur in below condition.

    In xen_blkbk_map function, first get_free_page from balloon or the list of blkif free pages, then map this page. If get_free_page succeed, but map failed,
the grant handle corresponding to this page will be assigned to BLKBACK_INVALID_HANDLE. Because map failed, it will execute xen_blkbk_unmap to retrieve resources.
But in xen_blkbk_unmap function, if the grant handle of a page is BLKBACK_INVALID_HANDLE, it will continue to next loop to execute unmap and put_free_pages.
Only executes put_free_pages, these pages will be returned to the list of blkif free pages and at last be returned to balloon.

    Make a summary, in the condition of get_free_page succeed but map failed, the page will be leaked from balloon or the list of blkif free pages. I have a immature thought,
in xen_blkbk_unmap funtion, when judge the grant handle of a page is BLKBACK_INVALID_HANDLE, can we execute put_free_pages to retrieve this one page?

    Just like below:
    if (pages[i]->handle == BLKBACK_INVALID_HANDLE) {
        put_free_pages(blkif, pages[i]->page, 1);
        continue;
    }

    I'm looking forward to your reply. Any reply is appreciated.

    Best wishes.

    Tao Chen